Returns the ASN's prefix list pre-formatted for direct use in firewalls and
network devices. Replace :format with one of the names below.
All formats accept the same flexible :as syntax (AS13335, 13335, etc.).
Example requests
curl https://asn.ipinfo.app/api/json/ipset/AS13335
curl https://asn.ipinfo.app/api/json/nginx/AS13335
curl https://asn.ipinfo.app/api/json/raw/AS13335
curl https://asn.ipinfo.app/api/json/csv/AS13335
Prefix lists are automatically aggregated.
BGP routing tables frequently contain disaggregated announcements — a single logical
block split into many smaller prefixes for traffic engineering. We collapse adjacent
and overlapping CIDRs into the minimal covering set before returning results, so you
get fewer, cleaner firewall rules with no gaps. The aggregation is lossless: we never
add addresses that aren't actually announced by the AS.
Prefix lists for large ASes can be several hundred kilobytes. The Cloudflare edge
caches these aggressively. For automation, script directly against these endpoints
rather than scraping the web UI.
Unknown ASNs return an empty response, not a 404.
If the requested AS number has no data in our database, format endpoints return
HTTP 200 with an empty list (JSON) or empty body (text/download). This is
intentional — we want to help you block bad actors, not accidentally take down
your own infrastructure. An error string landing in an nginx config or an ipset
rule is not a good day for anyone.
Always check the HTTP status code and verify the response is non-empty
before applying output. 502 is returned for genuine upstream failures and should
always abort the update.
Safe curl pattern — Linux / bash
#!/usr/bin/env bash
# Download an ASN prefix list and apply it only when the response is valid.
# Suitable for use in a cron job or CI pipeline.
#
# Usage: ./update-blocklist.sh AS13335
ASN="${1:-AS13335}"
TMPFILE=$(mktemp)
URL="https://asn.ipinfo.app/api/text/nginx/${ASN}"
DEST="/etc/nginx/conf.d/blocklist-${ASN}.conf"
# -s : silent (no progress bar)
# -f : fail fast on HTTP errors (4xx/5xx treated as curl error)
# -o : write body to temp file
# -w : write HTTP status code to stdout after the transfer
HTTP_STATUS=$(curl -s -f -o "$TMPFILE" -w "%{http_code}" "$URL")
CURL_EXIT=$?
# Step 1 — check curl itself succeeded (covers network errors, TLS failures, etc.)
if [ "$CURL_EXIT" -ne 0 ]; then
echo "ERROR: curl failed (exit $CURL_EXIT) fetching $URL" >&2
rm -f "$TMPFILE"
exit 1
fi
# Step 2 — check the HTTP status is exactly 200
# 502 means our upstream had a problem; anything else unexpected is also an abort.
if [ "$HTTP_STATUS" != "200" ]; then
echo "ERROR: unexpected HTTP status $HTTP_STATUS from $URL" >&2
rm -f "$TMPFILE"
exit 1
fi
# Step 3 — check the response is non-empty
# An empty 200 means the ASN exists but has no announced prefixes (or isn't in
# our database). Applying an empty file is safe, but you may want to skip the
# reload to avoid unnecessary churn.
if [ ! -s "$TMPFILE" ]; then
echo "WARN: $ASN returned an empty prefix list — skipping update" >&2
rm -f "$TMPFILE"
exit 0
fi
# Step 4 — atomically replace the config and reload
mv "$TMPFILE" "$DEST"
nginx -t && nginx -s reload && echo "OK: $DEST updated and nginx reloaded"
ipset variant
#!/usr/bin/env bash
# Same pattern for ipset — pipe the commands into ipset restore
# only after validating the response.
ASN="${1:-AS13335}"
TMPFILE=$(mktemp)
URL="https://asn.ipinfo.app/api/text/ipset/${ASN}"
HTTP_STATUS=$(curl -s -f -o "$TMPFILE" -w "%{http_code}" "$URL")
if [ "$?" -ne 0 ] || [ "$HTTP_STATUS" != "200" ]; then
echo "ERROR: fetch failed (HTTP $HTTP_STATUS)" >&2
rm -f "$TMPFILE"; exit 1
fi
if [ ! -s "$TMPFILE" ]; then
echo "WARN: empty response for $ASN — no changes made" >&2
rm -f "$TMPFILE"; exit 0
fi
ipset restore < "$TMPFILE" && echo "OK: ipset rules loaded for $ASN"
rm -f "$TMPFILE"